Posted
by
Unknown Lamer
on Wednesday September 28, 2011 @08:33AM
from the treacherous-computing-lives-again dept.

In his first accepted submission, lukemartinez sends in an excerpt from a ZDNet article on continuing developments about Microsoft's UEFI secure boot requirements: "The Linux Australia community began petitioning the ACCC this week after Microsoft aired plans to mandate the enabling of Unified Extensible Firmware Interface's secure boot feature for devices bearing the 'Designed for Windows 8' logo. This means that any software or hardware that is to run on the firmware will need to be signed by Microsoft or the original equipment manufacturer (OEM) to be able to execute. This would make it impossible to install alternative operating systems like Linux..."
Delimeter has further information on the petititions, and Matthew Garret recently posted a follow-up to Microsoft's response to the concerns about secure boot, calling them out on their misinformation.

But truth is this is a manufactured story that really has yet to cause anyone any problems.

Because they haven't shipped any yet, that's why.

Let me ask you this: Who has built a system with a UEFI subsystem which doesn't allow Secure Boot to be disabled by the user? Answer: Nobody.

And, who has seen a UEFI system which says it's been designed for Windows 8 they could test this against? Answer: Nobody.

In the hands of Microsoft, I believe entirely they would insist their vendors build a machine which is really only capable of booting Windows without basically violating ACTA or something. They've never demonstrated any compunction about forcing lock-in if they get a chance. In fact, they have a strong preference for it.

Hell, it took literally years and a bunch of lawsuits to buy a whitebox PC without Microsoft getting paid for the OS even if you didn't want it and weren't going to use it... you think they'd hesitate to insist vendors ship something locked down to them?

The reality is, almost any tech company would lock you into their product so fast it's not funny.

The problem here is that a majority of users are Windows users that will actually benefit from running a computer with a secure boot loader. So Microsoft is serving the interests of their users by pushing for secure boot.

The good reason to oppose secure boot is the fear that computers will ship locked to Microsoft's keys. Before petitioning the government to specify the terms under which Microsoft can offer a logo program, people should be encouraging Microsoft to add a requirement for a method of disabling secure boot to the logo program (this may well be futile...).

The reason for Microsoft to do this would be to put the whole damn issue behind them, and it only really matters for random consumer hardware that might end up with Linux on it, not a space they face much competition in.

(Server and business vendors will continue to sell their customers what they want, running arbitrary software on such systems will not be problematic)

This isn't designed to stop viruses (though theoretically it could help a little), this is part of Microsoft's anti-piracy push. Current methods of pirating Windows involve loading up something before the kernel to trick Windows into thinking it is installed on a machine with an OEM license. Obviously if the BIOS won't hand off to unsigned code then this becomes impossible and this method of piracy (which has been in use since Vista's time) is no longer viable.

Hence why the don't want OEMs to give you the option to disable this feature or to load up your own keys. If they did then it would solely be a security feature and do nothing for piracy. Given that, it explains why Linux people are so worried, because Microsoft is pushing for exactly this and Linux is about to get caught in the crossfire.